lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 9 Nov 2021 16:11:20 +0530
From:   Vihas Mak <makvihas@...il.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     sudipm.mukherjee@...il.com, arnd@...db.de,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] char: ppdev: fixed a validation issue

> On Tue, Nov 09, 2021 at 12:28:18AM +0530, Vihas Mak wrote:
> > Make sure the mode is a valid IEEE1284 mode.
> What is a valid mode?

The valid IEEE1284 modes are the ones defined in
<uapi/linux/parport.h>. Currently there are 10 modes. Namely nibble
mode, byte mode, ECP, ECPRLE, EPP and some specials.

> How did you test this?  And why is this needed now?  What hardware was
> working that is now not going to work with this driver?

I tested this on my local pc using a parallel port and read the
incoming data on my Raspberry PI.
I also used https://github.com/strezh/VPPSniffer. It's a simple
virtual parallel port used for debugging and sniffing.

The mainline code wasn't validating the mode when a user-space program
does a ioctl call to change the current mode. It might
create some bugs if the new mode isn't one of the IEEE1284 modes
defined in <uapi/linux/parport.h>. So it's better to throw a EINVAL
beforehand, if the mode is invalid.

> > +static int pp_validate_mode(int mode)
> bool?

My bad. Will do a v2.

Thanks,
Vihas

On Tue, Nov 9, 2021 at 11:55 AM Greg KH <gregkh@...uxfoundation.org> wrote:
>
> On Tue, Nov 09, 2021 at 12:28:18AM +0530, Vihas Mak wrote:
> > Make sure the mode is a valid IEEE1284 mode.
>
> What is a valid mode?
>
> > Signed-off-by: Vihas Mak <makvihas@...il.com>
> > ---
> >  drivers/char/ppdev.c | 28 +++++++++++++++++++++++++++-
> >  1 file changed, 27 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
> > index 38b46c7d1737..3b290cbf6c66 100644
> > --- a/drivers/char/ppdev.c
> > +++ b/drivers/char/ppdev.c
> > @@ -333,6 +333,28 @@ static enum ieee1284_phase init_phase(int mode)
> >       return IEEE1284_PH_FWD_IDLE;
> >  }
> >
> > +/*
> > + * Validate the mode and make sure the mode is power of two.
> > + *
> > + * IEEE1284_MODE_ECPRLE and IEEE1284_MODE_NIBBLE are exception
> > + * to this so handle them accordingly.
> > + */
> > +
>
> Why the extra line?
>
> > +static int pp_validate_mode(int mode)
>
> bool?
>
> > +{
> > +     if (mode == IEEE1284_MODE_ECPRLE || mode == IEEE1284_MODE_NIBBLE) {
> > +             return 1;
> > +     } else if (!(mode & (mode - 1)) &&
> > +                (mode & (IEEE1284_MODE_BYTE | IEEE1284_MODE_COMPAT |
> > +                         IEEE1284_MODE_BECP | IEEE1284_MODE_ECP |
> > +                         IEEE1284_MODE_ECPSWE | IEEE1284_MODE_EPP |
> > +                         IEEE1284_MODE_EPPSL | IEEE1284_MODE_COMPAT |
> > +                         IEEE1284_MODE_EPPSWE))) {
> > +             return 1;
> > +     }
> > +     return 0;
> > +}
>
> How did you test this?  And why is this needed now?  What hardware was
> working that is now not going to work with this driver?
>
> thanks,
>
> greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ